6 Key Facts About Kubernetes v1.36's New Manifest-Based Admission Policies

If you've ever attempted to enforce security policies across a fleet of Kubernetes clusters, you've likely hit a frustrating chicken-and-egg scenario. Your admission policies depend on API objects for their lifecycle, but those objects don't exist until someone creates them, and anyone with sufficient permissions can delete them. This leaves a dangerous window during cluster bootstrap when policies aren't active, and no mechanism prevents privileged users from removing them. Kubernetes v1.36 introduces an alpha feature to resolve this: manifest-based admission control. This feature allows you to define admission webhooks and CEL-based policies as files on disk, loaded by the API server at startup—before it serves any requests. Here are six essential details you need to know about this game-changing improvement.

1. The Bootstrap Gap Problem

Most Kubernetes policy enforcement today operates through the API. You create a ValidatingAdmissionPolicy or webhook configuration as an API object, and the admission controller picks it up. This works well in steady state but has fundamental limitations. During cluster bootstrap, there's a gap between when the API server starts serving requests and when your policies are created and active. If you're restoring from a backup or recovering from an etcd failure, that gap can become significant. During this window, pods can launch without being checked, potentially violating security policies. The new manifest-based approach eliminates this gap by loading policies from disk before the API server begins processing any requests, ensuring that no request can bypass your policies from the very start.

2. The Self-Protection Vulnerability

Admission webhooks and policies have a self-protection problem: they cannot intercept operations on their own configuration resources. Kubernetes deliberately skips invoking webhooks on types like ValidatingWebhookConfiguration to avoid circular dependencies. This means a sufficiently privileged user can delete your critical admission policies, and there is nothing in the admission chain to stop them. This vulnerability undermines the entire security model of cluster policy enforcement. The new manifest-based admission control addresses this by making policies immutable and not deletable through the API. Once loaded from disk, these policies are always active and cannot be removed or modified via API operations, providing a true "always on" guarantee.

3. Introducing Manifest-Based Admission Control

Kubernetes v1.36's alpha feature, manifest-based admission control, provides a way to say "these policies are always on, full stop." Instead of creating policies via API objects, you define them as YAML files placed in a designated directory on the API server's filesystem. The API server reads these files at startup, before it begins serving any requests. This means that from the moment the cluster comes online, policies are in effect. These static manifests are separate from the dynamic API-driven admission configuration and cannot be altered or deleted through kubectl or any other API call. This approach closes both the bootstrap gap and the self-protection vulnerability, giving cluster administrators a reliable foundation for security.

4. How to Configure Static Policy Files

Setting up manifest-based admission control is straightforward. You add a staticManifestsDir field to the AdmissionConfiguration file that you already pass to the API server via --admission-control-config-file. Point it at a directory, drop your policy YAML files in there, and the API server loads them before it starts serving. The manifest files are standard Kubernetes resource definitions, so you can use the same syntax and structure you're already familiar with. The only additional requirement is that all objects defined in these manifests must have names ending with .static.k8s.io. This reserved suffix prevents collisions with API-based configurations and makes it easy to trace the origin of any admission decision when examining metrics or audit logs.

5. The Naming Rule: .static.k8s.io Suffix

The .static.k8s.io suffix is a critical part of the manifest-based admission control feature. This reserved naming convention serves two purposes. First, it prevents name collisions with policies created through the API, ensuring that static and dynamic policies can coexist without conflict. Second, it makes audit events and metrics easily identifiable—any admission decision coming from a policy with the .static.k8s.io suffix clearly indicates that it originated from a file-based configuration, not an API object. This helps with debugging and compliance. Administrators can quickly distinguish between static policies (which are immutable and always active) and dynamic policies (which may have been modified or deleted by users). The suffix is enforced by the API server when loading static manifests.

6. Real-World Example: Deny Privileged Pods

To illustrate how this works, here's a complete example of a manifest-based policy that denies privileged containers outside the kube-system namespace. Create a YAML file named, for instance, deny-privileged.yaml in your static manifests directory (/etc/kubernetes/admission/validating-policies/). The file contains a standard ValidatingAdmissionPolicy resource with the name ending in .static.k8s.io. The policy uses CEL expressions to check for privileged containers and has a failurePolicy of Fail. Once placed, this policy becomes active from the moment the API server restarts. No API call can remove or modify it, giving you a rock-solid enforcement of the privileged container ban across your cluster, even during bootstrap or recovery scenarios.

Kubernetes v1.36's manifest-based admission control marks a significant step forward in cluster security. By eliminating the bootstrap gap and the self-protection vulnerability, it gives administrators a way to enforce critical policies that cannot be bypassed or deleted. As this feature matures from alpha to stable, it will become an essential tool for any organization running Kubernetes at scale. Start experimenting with it today to lock down your cluster's admission chain like never before.